gpupdate[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

gpupdate.zip
Size

33KB
MD5

b46e27f30be62d5e68075866b5abad18
SHA1

366033d2cfb0273b5ed37f121e51ad0cb3294028
SHA256

82960ae56e7565288f15c8f5200f1b5c21561e9fbe45152aaee7eb990e2e2a5d
SHA512

09e38fc3f956ff4acc1a3ba605667698a93e04dffeee9a5bdd5950e97fb14b8d516a3a29bde430052153b1639660061604cf867aa6aca69d31afa32cfc20e492
SSDEEP

768:Wkr9Ut3LQlwGtBRSvTZA6XQySLdrFe2/Ovmbg4PQfq2j67k:zXlhtaxXQyGbeMah

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/gpupdate.exe

Files

gpupdate.zip
.zip

Password: infected
gpupdate.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

+i_niY
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ